Obama on Right Track on Cybersecurity, Former Official Says

By Matthew Harwood

Last week's announcement by President Barack Obama that he will create a new cybersecurity czar to develop and coordinate a national strategy for protecting the U.S. digital infrastructure from cyberthreats was met with praise from a former government information security official in an interview.

"I'm very encouraged," said Patricia Titus, chief information security officer (CISO) of Unisys Federal Systems and the former CISO at the Transportation Security Administration, in an interview with Security Management. She added, however,  that the report released Friday as part of Obama's 60-day review of the nation's cyberdefences was less than "earth-shattering."
For Titus—who also contributed to the Center for Strategic and International Studies' report, “Securing Cyberspace for the 44th Presidency"—Obama's cybersecurity effort must do four things: pick the right cybersecurity leader, establish effective public-private partnerships between government and industry, educate Americans on good cybersecurity practices, and speed up the hiring process for cybersecurity professionals.
The most important upcoming decision for the Obama administration will be choosing who will fill the newly created position of cybersecurity coordinator, she said. According to news reports, Melissa Hathaway, who oversaw the 60-day review of the government's cybersecurity posture and is acting senior director for cyberspace at the National Security Council, is a frontrunner for the position.
"I think she is very qualified," Titus said, adding that whoever is picked should balance between knowing the needs of the government and the private sector.
Moving forward, she said the Obama administration must be open to public and private sector comments as they fashion cybersecurity policy. Conversely, the private sector should participate in organizations like TechAmerica, an industry group that's "really carrying the message forth on [cybersecurity] legislation," she said, to ensure that its voice is heard. All this will help create public-private partnerships that work.
"They have got to work," she said, because it's only through the private sector where the government with get a positive feedback loop of what's workable and what's not. The majority of digital infrastructure in the United States is owned by the private sector, which feared the government might impose impractical regulations to ensure network security.
It was a concern Obama dealt with head-on Friday, promising, "My administration will not dictate security standards for private companies."
But however the public-private partnerships function, Titus said there has to be a tiered structure to them. She envisions the Obama administration using the townhall meeting format to talk to the American people at the lowest level of the tier, building up to a joint-operation center where government and private industry discuss vulnerabilities in a classified, national security-like setting. The hardest thing for the cybersecurity coordinator to solve will be how to get critical information of vulnerabilities and threats to the appropriate people in the private sector without compromising the information, she said.
Another crucial area the Obama administration addressed in his speech and must advance effectively, according to Titus, is public education and awareness regarding good practices on the Internet. 
"There is this concept that we're secure," Titus said, "that the data you're sending is secure as long as I have that gold lock in the corner of my computer then I'm good to go."
She says there needs to be more public education so that people understand "that just because the little gold lock is on doesn't mean you're good to go." Cybercrime is a serious matter, one that Obama drew attention to today when he alluded to a recent study that estimates Ameircans lost more than $8 billion due to cybercrime over the last two years.
Titus compared the anarchy of the Internet to the Wild West when settlers understood that they had to arm and protect themselves from human predators. The problem today, however, is that many people on the new digital landscape aren't armed with that situational awareness.
"[W]e may not have armed our citizens well enough to understand the threat and so we've given them these technologies and capabilities and there is the concept that 'I'm secure.'" But she said, "I don't know if policy and legislation is going to solve the problem."
Finally, Titus said the Obama administration would have to speed up the hiring process to ensure that the country's best and brightest young talent work to secure U.S. digital infrastructure.
During her tenure at TSA, she said that it was "nearly impossible" to recruit and hire cybersecurity professionals due to the months-long screening process as well as government policy that veterans have employment priority over recent graduates.
Titus also said she had to battle staffing and resource shortages that made it difficult for the Department of Homeland Security, the agency responsible for protecting non-military government networks, to fulfill its cybersecurity mission.
"Staffing and resource issues," she said, "have to be addressed immediately."


View Recent News (by day)


Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.